Update of /cvsroot/phpwiki/phpwiki/lib/plugin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13891/plugin Modified Files: RecentChanges.php WikiAdminChmod.php WikiAdminRemove.php WikiAdminRename.php WikiAdminSearchReplace.php WikiAdminSetAcl.php WikiAdminUtils.php Log Message: enforce PagePermissions, errormsg if not Admin Index: RecentChanges.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/RecentChanges.php,v retrieving revision 1.85 retrieving revision 1.86 diff -u -2 -b -p -d -r1.85 -r1.86 --- RecentChanges.php 17 Feb 2004 12:11:36 -0000 1.85 +++ RecentChanges.php 12 Mar 2004 13:31:43 -0000 1.86 @@ -308,4 +308,6 @@ extends _RecentChanges_Formatter } + // enforce view permission + if (mayAccessPage('view',$rev->_pagename)) { $lines->pushContent($this->format_revision($rev)); @@ -314,4 +316,5 @@ extends _RecentChanges_Formatter $first = false; } + } if ($lines) $html->pushContent($lines); @@ -481,4 +484,6 @@ extends _RecentChanges_Formatter $first = true; while ($rev = $changes->next()) { + // enforce view permission + if (mayAccessPage('view',$rev->_pagename)) { $rss->addItem($this->item_properties($rev), $this->pageURI($rev)); @@ -487,4 +492,5 @@ extends _RecentChanges_Formatter $first = false; } + } global $request; 
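Review bot: The view-permission filter is added only inside two formatter loops in RecentChanges.php (the HTML loop around `format_revision()` and the RSS loop around `addItem()`), so any other consumer of `$changes` that these hunks do not show would still list pages the user may not view. If such paths exist, filtering once where the revision iterator is produced would stop the check from being forgotten per formatter. The check also reads the private field `$rev->_pagename`; `mayAccessPage('view', $rev->getPageName())` would avoid depending on the object's internals. Both loops start and end outside the hunks.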
@@ -775,4 +781,7 @@ class DayButtonBar extends HtmlElement { // $Log$ +// Revision 1.86 2004/03/12 13:31:43 rurban +// enforce PagePermissions, errormsg if not Admin +// // Revision 1.85 2004/02/17 12:11:36 rurban // added missing 4th basepage arg at plugin->run() to almost all plugins. This caused no harm so far, because it was silently dropped on normal usage. However on plugin internal ->run invocations it failed. (InterWikiSearch, IncludeSiteMap, ...) Index: WikiAdminChmod.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/WikiAdminChmod.php,v retrieving revision 1.4 retrieving revision 1.5 diff -u -2 -b -p -d -r1.4 -r1.5 --- WikiAdminChmod.php 24 Feb 2004 15:20:06 -0000 1.4 +++ WikiAdminChmod.php 12 Mar 2004 13:31:43 -0000 1.5 @@ -114,7 +114,13 @@ extends WikiPlugin_WikiAdminSelect if ($p && !$request->isPost()) $pages = $p; - if ($p && $request->isPost() && $request->_user->isAdmin() - && !empty($post_args['chmod']) && empty($post_args['cancel'])) { - // FIXME: error message if not admin. + if ($p && $request->isPost() && + !empty($post_args['chmod']) && empty($post_args['cancel'])) { + + // FIXME: check individual PagePermissions + if (!$request->_user->isAdmin()) { + $request->_notAuthorized(WIKIAUTH_ADMIN); + $this->disabled("! user->isAdmin"); + } + if ($post_args['action'] == 'verify') { // Real action 
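Review bot: Moving the `isAdmin()` test out of the outer `if` condition in WikiAdminChmod.php means the action below the new guard is no longer skipped for non-admins. Nothing returns after `$request->_notAuthorized(WIKIAUTH_ADMIN)` and `$this->disabled(...)`, so unless one of those calls ends the request (not visible in this hunk), control falls through to the `$post_args['action'] == 'verify'` branch. The guard should fail closed on its own, e.g. `return $this->disabled("! user->isAdmin");` (assuming `disabled()` returns an error element as `error()` does), which is what the WikiAdminUtils.php hunk does with `return $this->error(...)`. The same pattern appears in the WikiAdminRemove.php, WikiAdminRename.php, WikiAdminSearchReplace.php and WikiAdminSetAcl.php hunks. The enclosing method starts and ends outside the hunk.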
@@ -193,4 +199,7 @@ extends WikiPlugin_WikiAdminSelect // $Log$ +// Revision 1.5 2004/03/12 13:31:43 rurban +// enforce PagePermissions, errormsg if not Admin +// // Revision 1.4 2004/02/24 15:20:06 rurban // fixed minor warnings: unchecked args, POST => Get urls for sortby e.g. Index: WikiAdminRemove.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/WikiAdminRemove.php,v retrieving revision 1.15 retrieving revision 1.16 diff -u -2 -b -p -d -r1.15 -r1.16 --- WikiAdminRemove.php 1 Mar 2004 13:48:46 -0000 1.15 +++ WikiAdminRemove.php 12 Mar 2004 13:31:43 -0000 1.16 @@ -143,7 +143,12 @@ extends WikiPlugin $pages = array(); - if ($p && $request->isPost() && $request->_user->isAdmin() - && !empty($post_args['remove']) && empty($post_args['cancel'])) { - // FIXME: error message if not admin. + if ($p && $request->isPost() && + !empty($post_args['remove']) && empty($post_args['cancel'])) { + + // FIXME: check individual PagePermissions + if (!$request->_user->isAdmin()) { + $request->_notAuthorized(WIKIAUTH_ADMIN); + $this->disabled("! user->isAdmin"); + } if ($post_args['action'] == 'verify') { // Real delete. @@ -214,4 +219,7 @@ extends WikiPlugin // $Log$ +// Revision 1.16 2004/03/12 13:31:43 rurban +// enforce PagePermissions, errormsg if not Admin +// // Revision 1.15 2004/03/01 13:48:46 rurban // rename fix Index: WikiAdminRename.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/WikiAdminRename.php,v retrieving revision 1.8 retrieving revision 1.9 diff -u -2 -b -p -d -r1.8 -r1.9 --- WikiAdminRename.php 1 Mar 2004 13:48:46 -0000 1.8 +++ WikiAdminRename.php 12 Mar 2004 13:31:43 -0000 1.9 
@@ -107,6 +107,13 @@ extends WikiPlugin_WikiAdminSelect if ($p && !$request->isPost()) $pages = $p; - if ($p && $request->isPost() && $request->_user->isAdmin() - && !empty($post_args['rename']) && empty($post_args['cancel'])) { + if ($p && $request->isPost() && + !empty($post_args['rename']) && empty($post_args['cancel'])) { + + // FIXME: check individual PagePermissions + if (!$request->_user->isAdmin()) { + $request->_notAuthorized(WIKIAUTH_ADMIN); + $this->disabled("! user->isAdmin"); + } + // FIXME: error message if not admin. if ($post_args['action'] == 'verify') { @@ -188,4 +195,7 @@ extends WikiPlugin_WikiAdminSelect // $Log$ +// Revision 1.9 2004/03/12 13:31:43 rurban +// enforce PagePermissions, errormsg if not Admin +// // Revision 1.8 2004/03/01 13:48:46 rurban // rename fix Index: WikiAdminSearchReplace.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/WikiAdminSearchReplace.php,v retrieving revision 1.6 retrieving revision 1.7 diff -u -2 -b -p -d -r1.6 -r1.7 --- WikiAdminSearchReplace.php 24 Feb 2004 15:20:07 -0000 1.6 +++ WikiAdminSearchReplace.php 12 Mar 2004 13:31:43 -0000 1.7 @@ -128,7 +128,13 @@ extends WikiPlugin_WikiAdminSelect if ($p && !$request->isPost()) $pages = $p; - if ($p && $request->isPost() && $request->_user->isAdmin() - && empty($post_args['cancel'])) { - // FIXME: error message if not admin. + if ($p && $request->isPost() && + empty($post_args['cancel'])) { + + // FIXME: check individual PagePermissions + if (!$request->_user->isAdmin()) { + $request->_notAuthorized(WIKIAUTH_ADMIN); + $this->disabled("! user->isAdmin"); + } + if ($post_args['action'] == 'verify' and !empty($post_args['from'])) { // Real action 
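Review bot: In the WikiAdminRename.php hunk the context line `// FIXME: error message if not admin.` stays directly below the new guard, although the added `_notAuthorized()` call is that error message; the other admin plugins in this commit remove the comment. Dropping it here leaves `// FIXME: check individual PagePermissions` as the only open item. That remaining FIXME would read more clearly if it said the admin check is a stand-in, e.g. `// FIXME: admin-only for now; check each selected page's permissions individually`.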
@@ -238,4 +244,7 @@ function stri_replace($find,$replace,$st // $Log$ +// Revision 1.7 2004/03/12 13:31:43 rurban +// enforce PagePermissions, errormsg if not Admin +// // Revision 1.6 2004/02/24 15:20:07 rurban // fixed minor warnings: unchecked args, POST => Get urls for sortby e.g. Index: WikiAdminSetAcl.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/WikiAdminSetAcl.php,v retrieving revision 1.2 retrieving revision 1.3 diff -u -2 -b -p -d -r1.2 -r1.3 --- WikiAdminSetAcl.php 24 Feb 2004 04:02:07 -0000 1.2 +++ WikiAdminSetAcl.php 12 Mar 2004 13:31:43 -0000 1.3 @@ -108,7 +108,13 @@ extends WikiPlugin_WikiAdminSelect if ($p && !$request->isPost()) $pages = $p; - if ($p && $request->isPost() && $request->_user->isAdmin() - && !empty($post_args['acl']) && empty($post_args['cancel'])) { - // FIXME: error message if not admin. + if ($p && $request->isPost() && + !empty($post_args['acl']) && empty($post_args['cancel'])) { + + // FIXME: check individual PagePermissions + if (!$request->_user->isAdmin()) { + $request->_notAuthorized(WIKIAUTH_ADMIN); + $this->disabled("! user->isAdmin"); + } + if ($post_args['action'] == 'verify') { // Real action @@ -208,4 +214,7 @@ extends WikiPlugin_WikiAdminSelect // $Log$ +// Revision 1.3 2004/03/12 13:31:43 rurban +// enforce PagePermissions, errormsg if not Admin +// // Revision 1.2 2004/02/24 04:02:07 rurban // Better warning messages Index: WikiAdminUtils.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/WikiAdminUtils.php,v retrieving revision 1.5 retrieving revision 1.6 diff -u -2 -b -p -d -r1.5 -r1.6 --- WikiAdminUtils.php 17 Feb 2004 12:11:36 -0000 1.5 +++ WikiAdminUtils.php 12 Mar 2004 13:31:43 -0000 1.6 
@@ -62,6 +62,8 @@ extends WikiPlugin if ($request->isPost()) { $user = $request->getUser(); - if (!$user->isAdmin()) + if (!$user->isAdmin()) { + $request->_notAuthorized(WIKIAUTH_ADMIN); return $this->error(_("You must be an administrator to use this plugin.")); + } return $this->do_action($request, $posted); } |